Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

darthcamaro writes "One year ago today was the the official 'Launch Day' of IPv6. The idea was that IPv6 would get turned on and stay on at major carriers and website. So where are we now? Only 1.27% of Google traffic comes from IPv6 and barely 12 percent of the Alexa Top 1000 sites are even accessible via IPv6. In general though, the Internet Society is pleased with the progress over the last year. '"The good news is that almost everywhere we look, IPv6 is increasing," Phil Roberts,technology program manager at the Internet Society said. "It seems to be me that it's now at the groundswell stage and it all looks like everything is up and to the right."'"

But its still difficult to get an ipv6 home connection in many areas. I can see that for years to come we will have an ipv6 backbone, ipv6 in amjor organisations but most people connected via NAT and an IPv4 isp

Haven't done any shopping lately, but do most people's home routers support IPV6? I'm pretty sure mine doesn't. I think this is part of the problem with ISPs rolling out IPV6. Many of the customers don't have the hardware at home to deal with it.

Many of the customers don't have the hardware at home to deal with it.

It hardly matters. I signed up for the Comcast IPv6 trial years ago - downtown business-class connection - they're not even rolling it out in this area yet. There are a few tiny areas where you can get one on a residential service, but mostly no - most people only have access to IPV4. Until IPv6 is available from the prevalent carriers, I'm not going to worry too much about end-users not adopting.

But its still difficult to get an ipv6 home connection in many areas. I can see that for years to come we will have an ipv6 backbone, ipv6 in amjor organisations but most people connected via NAT and an IPv4 isp

In the UK at least, it isn't difficult to get an IPv6 connection. However, you need to know you want one when you shop around, as the majority of ISPs still don't do it. If you're an "average user" and therefore know nothing of IPv6 or how the internet works, adoption is at rock bottom because:1. You need to be clued up enough to ask an ISP if they offer v6 (the "big 4" don't)2. You need to be clued up enough to know when the ISP is lieing3. You need to be clued up enough to buy an IPv6 capable router (mo

Where is the advantage to home users if they use IPv6? If you buy a router that is interoperable with IPv6, what difference does it make to you if the network provides a IPv4 or IPv6 connection to your local network?

What we're talking about here is IPv6 for the WAN interface on your router. Pretty much nobody should need IPv6 internally right now.

That doesn't really make sense. Unless you're going to do some horrendous ALG on the router, you are going to need IPv6 both internally and externally in order to talk to IPv6 services - running IPv6 on the router's WAN interface but only IPv4 internally isn't going to help you (also there's almost no reason not to run IPv6 internally anyway)

Its marginal, to be sure, right now. There *can* be some websites that are IPv6 only that you won't be able to access if you only have ipv4. As far as I know there aren't any that are worth while visiting. Also, If large websites support IPv6 in addition to v4, if on eis down you should be able to access the other if they are on different servers. So you might have more uptime?

There are other things that Ipv6 is good at that probably wouldn't matter to most home users. Like having mutliple machines externa

Well, this is the problem. For the majority of home users there is very little advantage _at the moment_, so even if they know enough to shop around for a v6 connection they probably won't bother. And the vast majority of users don't know the first thing about how the internet works, so wouldn't know to shop around for a v6 connection anyway.

Its basically a chicken & egg problem: The people who are going to have problems with the IPv4 address shortage are the server operators, who would want to roll o

To home users, it provides a whole host of IP addresses that can be used to enhance their security. For instance, if someone sets up a DHCP to pool a certain set of addresses to his laptop, that would exceed anything that was available when IPv4 was not in such a shortage. For instance, one could set it up so that the laptop would pool 65,536 addresses within a certain range, while addresses outside that can be static for certain devices.

You're not supposed to subnet past the/64, so you'll still need more than a/64 to properly segment your LAN. While the number of routable IP addresses will increase, the number of routes will go down, which is all the router cares about.

I changed ISP a couple of years ago because of that. Going IPv6 at home was not hard but needed some work and some duplication (firewall, DHCP range,...). Hosted servers that I look after have had IPv6 addresses for several years.

Everyone is waiting on everyone else to force them to change to IPv6. I think it could be used a security tool, but none of our "security conscious" idiot admins will admit it because they are really just ignorant of IPv6 and treat as some type of alternate configuration. I've seen way more labor put into disabling IPv6 than anything else. Kind of stupid and frustrating.

But its still difficult to get an ipv6 home connection in many areas. I can see that for years to come we will have an ipv6 backbone, ipv6 in amjor organisations but most people connected via NAT and an IPv4 isp

In north america this is the major hurdle. There are too many people trying to push the problem down the road, to the point it will finally bite them or their customers. I work for a large US corporation and their answer is "yeah, yeah, whatever, too much work, too short sighted". What is often missed is not the the USA or Canada is running out addresses, but the rest of the world practically has and that we will end being cut off from new services, who can't new IPv4 addresses.

your typical home router that is still being bundled by ISPs doesn't support IPv6, it seems only 'high end' or after-market routers tend to do that, probably because the amount of firmware memory in these cheap routers is limited.

Is the firmware for IPv6 necessarily much larger than that for IPv4? I would have thought that the complexity would be similar. On the one hand you don't need NAT, but on the other you need more complex filtering [arstechnica.com].

If you don't have much stuff on the inside of your firewall it's not really any harder. Actually if you have a lot it's not really harder either since it's still all ports and addresses. The fuckup you've linked to is due to separate teams working on separate firewalls for IPv6 and v4 and is a management issue which only affects the endpoint. If you've got the network under the adult supervision of even a cheap and nasty ADSL IPv6 aware router the filtering should just work without having to care about p

I would think that ISPs would, for the course of a transition, support both IPv4 and IPv6 in some form. Since it would still need to handle all the IPv4 stuff it has been handling and then IPv6 in addition, I'd expect that supporting both might require larger and more complex firmware, and perhaps even more computing power.

The stuff at the ISP end (routers and the like) have supported IPv6 for years.

Depends on where you are. Here in the UK, BT wholesale only started upgrading their network to support IPv6 some time last year. That's despite having rolled out a complete replacement "21st century" network only a few years previously -- somehow, they failed to realise that IPv6 support might be a useful feature.

A stateful firewall is in general less complex than a NAT. A stateful firewall has to understand what the higher level protocols are doing to a sufficient extent to decide what to block. A NAT has to understand what the higher levels are doing and know enough about the packets to alter them.

But that is beside the point. Between servers that aren't available on v6 and residual end systems that don't support IPv6 out of the box (if at all) home routers are going to have to keep doing IPv4 for the forseeable f

My ISP didn't give me a router, they gave me Gigabit Ethernet Switch+Bridge+Fiber Transceiver. It's like a big LAN, where each customer gets their own vLAN with a gateway which is the chassis. Except, instead of a regular 48 port switch, it's a 480 port Layer3 IPv4/IPv6 chassis with a 2Tb backplane and 4x100Gb uplinks.

My question is what do they plug those uplink ports into. Each chassis can only support 480 people and there are thousands. What does an aggregate switch for 100Gb ports look like? And wha

Juniper T and Cisco Nexus mostly. 100gb ports are really not that uncommon, sub 10k TOR switches can be had with 48 ports of 10ge and a few 40/100 uplinks. Gigabit has been a server standard since the end of the 90's 10ge nics are fairly cheap options at this point.

Assuming even 5000 people have Internet through my ISP, that is a bit over 10 chassis, each with 4 100Gb uplinks. They don't need to use all of them, but I drool at the thought of a switch or router with 40x100Gb ports. I understand that my ISP is not going to have a 4Tb Internet connection, but the internal network has the potential of a lot of inter-chassis bandwidth.

Not a single business partner, client, or home user that I've dealt with for the last 3 year has an active IPv6 DNS registration. _None_.

The critical factor for IPv4 exhaustion was the lack of "/24" addres spaces for businesses and buildings. This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

The growth of high capacity load balancers for web servers and other network services has also helped tremendously, allowing a wide set of behind the scenes hosts to be serviced by a single exposed device and reducing the IPv4 footprint of these services. Also, people have learned how to economize in the ir IPv4 use: They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server. The services are being easily funneled through a single exposed router or firewall, far more efficiently than before.

The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years. The foundation of the need for IPv6 is basically that of ubiquitous comuputing: the idea that every single device scattered around the home or around the workplace will have its own IP address for remote communications, and they _should not have_ public IP addresses. Providing public, routable IP addresses puts them at risk of attack at all times: putting them in the unroutable, easily tracked and maintained IPv4 address space handles almost all internal network needs quie effectively and is a signigicant security advantage and eases scanning and tracking of local resources.

That's tremendously short sighted. Should we wait until IPv4 exhaustion is actually causing us lots of problems, or should we get things ready in advance, and make an orderly transition and avoid the problems (arguably the problems started already with all the issues NAT brings when you want to actually establish end to end connections - especially when you discover the guys at the far end happened to use exactly the same RFC1918 netblocks as you did and now someone has to renumber their internal network. We avoided that one by the skin of our teeth - we have a Very Expensive Piece Of Machinery that gets remote support from Siemens who made it. The netblocks they use for their internal networks are the same as ours - it was just blind luck our network addressing didn't end up overlapping, and their network was an adjacent/24 of RFC1918 space to one of our internal networks!)

Not a single business partner, client, or home user that I've dealt with for the last 3 year has an active IPv6 DNS registration. _None_.

The critical factor for IPv4 exhaustion was the lack of "/24" addres spaces for businesses and buildings. This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

The growth of high capacity load balancers for web servers and other network services has also helped tremendously, allowing a wide set of behind the scenes hosts to be serviced by a single exposed device and reducing the IPv4 footprint of these services. Also, people have learned how to economize in the ir IPv4 use: They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server. The services are being easily funneled through a single exposed router or firewall, far more efficiently than before.

The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years. The foundation of the need for IPv6 is basically that of ubiquitous comuputing: the idea that every single device scattered around the home or around the workplace will have its own IP address for remote communications, and they _should not have_ public IP addresses. Providing public, routable IP addresses puts them at risk of attack at all times: putting them in the unroutable, easily tracked and maintained IPv4 address space handles almost all internal network needs quie effectively and is a signigicant security advantage and eases scanning and tracking of local resources.

Um, yeah, creating a single bottleneck and point of attack to the internet seems like a great idea... It's not that your ideas don't have merit (although you do over state and misstate some of them) but that they only address the needs of a certain set of users. NAT is not an unmitigated good. NAT has significant shortcomings.

I wasn't going to get into this, but the single bottleneck is why you deploy them in high availability failover pairs, or multi-hosted sites for international high availability environments. IPv6 doesn't really help this problem in any way: you still need some kind of a router to protect your publicly exposed services, unless you're interested in maintaining local routers for _every single exposed environment_.

The support benefits, and corporate political benefits, of having a chokepoint for all Internat se

This myth again - you should know better. Nobody is suggesting removing the firewalls that can prevent the constant external vulnerability scanning of any host directly connected to the Internet. They can do it quite well without the utter pain in the neck that is NAT. Yes, NAT saves newbies arses, but so now does the default configuration of even cheap and nasty ADSL routers so taking it away probably will make zero difference.

They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server.

Are you seriously making such a suggestion in 2013 when we are knee deep in virtual machines or are you joking? It doesn't take much complexity before you end up wanting to have two separate things running the same service and then you've got to do some arcane mucking about with non-standard ports and port forwarding if you've only got one real IP address. You've also got to be sure that the ports you've chosen are not being blocked at the other end and that can very seriously limit your choices, to the point where people connecting through mobile/cell networks have to be allowed all the way in to an almost unprotected network by VPN since you have run out of ports the telco allows. In such a case NAT becomes the security risk instead of the security solution you are trying to convince the gullible it is.

The services are being easily funneled through a single exposed router or firewall

Nobody is suggesting changing that. You still get all that filtering only without the constriction of NAT.

Yes, it really does. Many of the groups I work with are staffed by newbies, even in their IT departments. Maintaining Internet exposed firewalls is as fragile, and dangerous, as handling electrical power directly off the power grid before it's been stepped down to 120 Volt. Errors are very common, and profoundly dangerous. It should be avoided by anyone who doesn't absolutely need it

> Are you seriously making such a suggestion in 2013 when we are knee deep in virtual mach

No, I'm suggesting that in 2013 we have load balancers and proxies that do an excellent job of distributing exposed services to arbitrary numbers of internal hosts. The hosts generally have no need, or excuse, to be exposed directly to the Internet. Therefore they do not need a routable IP address. There are a few services, such as SMTP, that deal well with multiple available public IP addresses. And there are some web services that deal very well with multi-homed IP addresses in multiple physical locations. Google is an excellent example of that.

But that is precisely what IPv4 is running out of - having multiple available public IP addresses. Even for NAT, when they do Port Address Translation, they prefer to have more than 1 public address for the purpose, especially for load balancing. This is the very thing that IPv6 addresses so well that the need to have NAT disappears.

Also, it is a good idea to have separate routable IP addresses for different virtual machines, as well as for imap servers, smtp servers, ftp servers, web servers, irc ser

This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

A simple stateful firewall will mitegate the dangers of scanners just as well as a NAT. In fact, the extensive address-space in IPv6 actually makes scanning much less effective since the vast majority of the addresses a scanner is going to try aren't even in use.

The growth of high capacity load balancers for web servers and other network services has also helped tremendously

And the growth of virtualisation has done the exact opposite.

The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years.

The great need on the consumer end has indeed not yet occurred, and probably won't for some time. On the ISP side too, most of the ISPs still have plenty of IPv4 addresses to go around,

This has been impressively ameliorated by the use of NAT... The growth of high capacity load balancers for web servers and other network services has also helped tremendously... people have learned how to economize in the ir IPv4 use... The result has been that the great need for IPv6 simply has not yet occurred, and is unlikely to occur for another 10 years.

I'm trying to think of a good analogy here. Maybe something like this: The holes in our boat has been impressively patched with paper, and the bucket brigade has helped tremendously by emptying the water out of the inside of our boat. Because of this, the sinking of our boat has simply not yet occurred, and is unlikely to occur for another 10 days.

It's not a great analogy, but do you see what I'm saying here? You have a serious problem that could be catastrophic. So far, we've mitigated the problem and

This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

How does having a single IPv4 address for an entire organization reduce the constant vulnerability scanning compared with having 100 IPv6 addresses somewhere withi

"should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet."

Sure, so long as they don't expect to ever need an outside-compatible VoIP solution, video conferencing, incoming remote-operation connections from a company to provide tech support, IM software (Yes, it has business uses!), that sort of thing. NAT is an ugly hack. It only works as well as it does because almost all protoco

The critical factor for IPv4 exhaustion was the lack of "/24" addres spaces for businesses and buildings.

Keyword "was" due to registry pressure and documentation requirements. Runout is quite different. Runout will occur within the next year in the US.

This has been impressively ameliorated by the use of NAT, which shares numerous intenral and protected IP addresses behind a single or pair of public addresses and should be the _default_ configuraiton in most businesses and organizaitons, simply to reduce the constant external vulnerability scanning of any host directly connected to the Internet.

SPI is more secure than NAT. Lack of disambiguating context within ALGs leads to increased complexity and remotely exploitable assumptions.

They _do no tneed_ a different IP address for their email server, their FTP server, their web server, their phone server, their chat server, and their IRC server. The services are being easily funneled through a single exposed router or firewall, far more efficiently than before.

What does this matter when there are not enough IPv4 resources to go around? Lets assume for a moment each person can live with a single IPv4 address for all of their shit.. There are still more people than IPv4 addresses.

Actually, your belief that NAT is a one-way check valve has caused many security problems, because it is widely shared, despite being completely wrong. Punching holes in NATs is dead easy. If you are relying on your NAT to protect you from attack, you are whistling past the graveyard.

How would IPv6 expose one's intranet? Just like you have local addresses in IPv4, you have link-local addresses as well as site-unique addresses in IPv6 that achieve the same thing. And just b'cos every node has a public IPv6 address does not imply that it has to be accessable - it'll still be behind a firewall. Also, if one doesn't want a certain computer to access the external internet, one can simply not assign it any routable IPv6 address, but just assign it the link-local address and be done with

From what I've read, privacy extensions seems to be IPv6's equivalent of dynamic addresses in IPv4. Essentially, it's one alternative to using EAU-64. But a better idea is to configure a DHCP server so that services that need static IP addresses have them, and services that need dynamic IP addresses have them as well.

Except that the privacy addresses change every 15 minutes-ish and each application could have a different IP address for every request if wanted. DHCP on IPv4 cannot change your IP address without breaking your connections, IPv6 does not do that because it is generally understood that you will have lots of IP addresses.

Even in IPv6, if the temporary IP address is being used for a connnection, terminating it will break. But after a transition to a new IP address, any new connections will be made with that, while the older IP address will be deprecated once its use is complete. But the other IP addresses that the host has won't be used in making those types of connections, unless otherwise specified.

I pulled it off in my network in about a month. Since it's enabled by default in pretty much every major OS, the only thing required was to lease IP space and configure the routers to push addresses. Magically now most of my trafffic goes over IPv6.

IPv4 is the backbone of nearly all networked systems and applications; to expect EVERYONE to switch over to IPv6 immediately is a bit naive. It's not just the service providers (Quest, Lightbound, AT&T, Verizon, etc) that have to update their WHOLE infrastructure, but applications and operating systems have to natively support IPv6. Many home users cannot afford to upgrade their hardware and software on a whim and won't have a budget to do so for a few more years (mostly due to slow economy and unemployed consumers). I suspect it will take five to 10 years before we start seeing IPv6 make its way into mainstream services. I have a VM with Rackspace and it has a public IPv6 address, but the only service that I've found useful (or even readily available) are the primary Debian mirrors. Having worked as an IT Consultant for small businesses, a SysAdmin in the ISP vector (gaining insight from a vendor aspect) and now as a SysAdmin for a software company (consumer aspect), I have first hand experience at witnessing the readiness from two different ends of the spectrum. The insight I've gained tells me that NO ONE is ready to simply flip a switch; it's going to be a painful, multi-year migration.

Good news, the Internet backbone has been IPv6 for over 10 years now and Cable modem and DSL hardware in the past 5-8 years have all supported IPv6 natively also.

As for "most software". Well, the most commonly used software is the web-browser, which has been IPv6 for a while now also. Most people purchase new hardware on a 5-8 year cycle and nearly all networking hardware in the past few years has been IPv6.

Many DOCSIS2.0 cable modems and all DOCSIS3.0. The top few cable companies, which represent almost 70% of the USA's broadband base, are nearly done with their DOCSIS 3.0 rollout. Rule of thumb, if it supports more than 30Mb, it is IPv6.

"Switch over to IPv6" is a concept that detractors have pulled out of thin air, as it bears no relationship to how IPv6 rollout was planned and expected. Adding the word "immediately" just makes the misconception worse.

IPv6 was always intended to run alongside IPv4 for the foreseeable future, because old IPv4-only equipment will be around for decades until it rots and it will need to be reachable until it is replaced. So, please don't

Sheesh... there's no need to be the southern end of a north-bound mule about it. I'm simply stating what I've observed from being at different ends of the spectrum. I never stated that what I said was exact fact... only what I was speculating.

I must be the small percentage that has had not such a great experience when investigating possibility of using IPv6. I've always run into hesitation with service providers and customers. As for me personally, I too own a dual-stack router (RVS4000) but Comcast is trying to nickel and dime me on switching to IPv6. They want me to buy a new cable modem (because I refuse to pay the "rental fee") and they consistently tell me that my router isn't supported; which is complete malarkey.

Docsis 2. Comcast sent me a letter in the mail about upgrading my modem to a Docsis 3 modem. MetroNet just installed fiber in my neighborhood and they're advertising cheaper rates than Comcast for TV and Internet with faster speeds. The last conversation I had with them ended with them stating IPv6 would be available soon. I needed was a dual-stack router (ta'da, exactly what I've got) so that I could use either their IPv4 or IPv6 service. Plus, there's no modem rental with MetroNet. They said they run fibe

Good news, every piece of software you are now running is IPv6 compatible. If an application establishes a connection to a host name, all of the underlying OS stacks can do so over IPv6 if addresses are available and connections can be made.

Of course, those apps that have four little input boxes and only support hard coding an IP for a connection still won't work. Have any of those? I don't.

I have been looking at the IP v6 specs for enterprise level hardware, top of the line products from Cisco and the likes. The last I check, a few months ago, the accelerated routing on their top of the line Layer 3+ switch had about 1/2 the aggregate routing for IPv6 as it did IPv4, and older hardware is much worse.

Until the hardware ASIC's are acellarated as much for IPv6, I think businesses will lag unless they need to use IPv6 due to contract requirements (military and the likes). Why would they pay more for modern hardware that is slower than what they have to adopt IPv6 when IPv4 is satisfying their needs, even if NAT is a gimped solution. It still works, and is pretty fast.

IPv6 space won't run out in 20 years. "Well", you say, "It's inefficiently doled out - each user gets a/64 under how it's supposed to work even if their network has just one device!"

However, the amount of/64 prefixes theoretically available is 2^32 (4 billion) times larger than the address space of the *entire* IPv4 address space. Four billion times larger. Even if only 48 bits of those were usable for whatever reason, that would still be 65536 times larger than the *entire global IPv4 space*. However, there's more than 48 bits usable.

Incidentally, there are enough/48s that you can give every man, woman and child on the planet over 4000/48 allocations each before IANA even has to think about releasing some of the currently undefined address space.

However, with IPv6, every virtual machine can have its own routable address, and direct access to the internet. Now, that is not strictly a function of physical entities, although the system configurations of servers would limit the number of virtual machines running at any time. However, I do see space constraint issues appear as IPv6 tries to simplify routing by assigning more space to the routing and less to the subnets. That's where a time could come where they'd want the entire top half of the addr

The DoD assignment does seem a bit excessive. But they are the exception not the rule. I also wonder what ARIN can really do when the government of the US tells them to jump. The only thing they can do is to ask "how high?".

The RIRs always spreads the assignments so there is nothing strange in that. The idea is that if one of those/22 some day would need to be expanded, that is possible because there likely will be no adjacent assignment. This does not mean the space is reserved as such. If the world some

But what do we do in 20 years when the IPv6 address space starts to run out? Think I'm kidding? I can remember when people thought they'd never fill a 20mb because it was so huge!

There are enough IPv6 addresses available to give each and every of the 7+ Billion humans alive today 4.6 x 10^28 addresses

Or as someone else put it, The earth's surface area is about 510 trillion square meters. If a typical computer has a footprint of about a tenth of a square meter, and we stacked computers 10 billion high blanketing the entire surface of the earth, that would use up one trillionth of the address space.

I seriously doubt we're in danger of running out in the next millennium or two.

I wanted to make a cool graphic to show the relative sizes of the IPv4 and IPv6 address spaces. You know, where I’d show the IPv6 address space as a big box and the IPv4 address space as a tiny one. The problem is that the IPv6 address space is so much larger than the IPv4 space that there is no way to show it to scale! To make this diagram to scale, imagine the IPv4 address space is the 1.6-inch square above. In that case, the IPv6 address space would be represented by a square the size of the solar system.

Note that, as with so many sites, the announcement that XKCD is now available over IPv6 is obsolete. At some point they broke something, couldn't figure out how to fix it easily and so they just removed IPv6 from the site.

I read that Comcast was providing DS-lite, which is the best, in that it sets up the underlying infrastructure as IPv6, and only provides private IPv4 nodes at the end behind public IPv6 addresses for only those IPv4 nodes that for some reason can't use IPv6. That sounds to me like the best solution, in that it uses zero public IPv4 addresses, and only uses the abundant IPv6 addresses or the reused IPv4 local addresses, which don't cause any issues.

The only case I can think of would be if an especially nasty ISP deliberately gave you exactly one IPv6 address in order to cripple your connection to one device only.

It used to be a fairly common practice for ISPs to forbid the use of NAT routers in their t&c, back when most families were lucky to have one computer for the household, because they'd specced their networks and business on the 'one customer, one computer' assumption. Those people running multiple computers on one connection were taking fa